Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-48471

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uploaded to the application. This allows files to be uploaded with the phtml and phar extensi... Read more

    Affected Products : freescout
    • Published: May. 29, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-48390

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the php_path parameter. The backticks characters are not removed, as well as ... Read more

    Affected Products : freescout
    • Published: May. 29, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-48389

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to deserialization of untrusted data due to insufficient validation. Through the set function, a string with a serialized object can be passed,... Read more

    Affected Products : freescout
    • Published: May. 29, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-45474

    maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings.... Read more

    Affected Products : maccms
    • Published: May. 29, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-3913

    Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the 'invite user' permission to access and modify t... Read more

    Affected Products : mattermost_server
    • Published: May. 29, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-5334

    Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances... Read more

    Affected Products : remote_desktop_manager
    • Published: May. 29, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-5321

    A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Abfra... Read more

    Affected Products : aim
    • Published: May. 29, 2025
    • Modified: Jun. 01, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-4081

    Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with al... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-48748

    Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password.... Read more

    Affected Products : directory_manager
    • Published: May. 29, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-22654

    tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.... Read more

    Affected Products : tcpreplay
    • Published: May. 29, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2024-22653

    yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.... Read more

    Affected Products : yasm
    • Published: May. 29, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-5320

    A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to erweiterte Rechte. It is possi... Read more

    Affected Products : gradio
    • Published: May. 29, 2025
    • Modified: Jun. 01, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-46080

    HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server.... Read more

    Affected Products : huocms
    • Published: May. 29, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-46078

    HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server... Read more

    Affected Products : huocms
    • Published: May. 29, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-37999

    In the Linux kernel, the following vulnerability has been resolved: fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio() If bio_add_folio() fails (because it is full), erofs_fileio_scan_folio() needs to submit the I/O request via erofs_... Read more

    Affected Products : linux_kernel
    • Published: May. 29, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-37998

    In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensure... Read more

    Affected Products : linux_kernel
    • Published: May. 29, 2025
    • Modified: Aug. 09, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-37997

    In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() whic... Read more

    Affected Products : linux_kernel
    • Published: May. 29, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-37996

    In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort() Commit fce886a60207 ("KVM: arm64: Plumb the pKVM MMU in KVM") made the initialization of the local memcache variable i... Read more

    Affected Products : linux_kernel
    • Published: May. 29, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-37995

    In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is created using 'module_ktype'. So call to 'kobject_put()... Read more

    Affected Products : linux_kernel
    • Published: May. 29, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37994

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsi_displayport_work workqueue to finish executing bef... Read more

    Affected Products : linux_kernel
    • Published: May. 29, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291779 Results